Hello, Using Libressl 3.0.2 (earlier are also affected), I'm unable to use SHA512 (only SHA1 is allowed) to sign my kernel modules. user@localhost: make modules_install INSTALL arch/x86/crypto/camellia-aesni-avx-x86_64.ko sign-file: LibreSSL 3.0.2 only supports SHA1 signing make[1]: *** [scripts/Makefile.modinst:33: arch/x86/crypto/camellia-aesni-avx-x86_64.ko] Error 3 make: *** [Makefile:1320: _modinst_] Error 2 There is a kernel bug report for it, and reading this comment : https://bugzilla.kernel.org/show_bug.cgi?id=202159#c8 It looks like it is fixed in Libressl : https://github.com/libressl-portable/portable/issues/448 Reproducible: Always
The following kernel patch https://patchwork.kernel.org/patch/11446123/ and Libressl 3.1.0 newly released (currently in testing) allows to finally sign modules with SHA512 (or else) Hopefully, the kernel patch will be added to gentoo-sources.
Bug report closed. Opened a new one to add the kernel patch to gentoo-sources : https://bugs.gentoo.org/show_bug.cgi?id=717166
Just tried installing gentoo on an older laptop today and encountered this issue. To resolve, I had to unmask LibreSSL and kernel sources. Following, update the system. Afterwards I was able to continue with the handbook "genkernel all".